Introduction To Computer Security - Parkland    

Last Modified:
Wednesday, 18-Nov-2009 18:51:58 CST

CSC250 Fall 2009 - Schedule

First 8 Weeks at a Glance:

Week 1
Aug. 24 		Week 2
Aug. 31 		Week 3
Sept. 7
(College Closed Labor Day) 		Week 4
Sept. 14
Week 5
Sept. 21 		Week 6
Sept. 28 		Week 7
Oct. 5 		Week 8
Oct. 12

Second 8 Weeks at a Glance

Week 9
Oct. 19 		Week 10
Oct. 26 		Week 11
Nov. 2 		Week 12
Nov. 9
Week 13
Nov. 16 		Week 14
Nov. 23
College Closes at 5pm Wed. Nov. 25
College Closed Nov. 26-29. 		Week 15
Nov. 30 		Week 16
Dec. 7

Week 1: Aug. 24

O verview of Computer Security Introduction, History, Overview
For Next Week:
  • Exercise 1:
    CERT Overview and RFC1281 and RFC1296.
    15 Points, You may take this as many times as you wish before Midnight Aug. 31 .
  • Be prepared to discuss the RFC's next week for a 15 point lab.
  • Participation Week 1-4:
    Log on to Angel and make some postings and join our discussion about computer security. Be sure to comment on the CERT overview and RFC1281 and RFC2196.
    10 Points Participation, Due by Sept. 21 Midnight.
  • Lab 1:
    We will run a packet sniffer and login to our Linux accounts and our Angel accounts.

| Top | CSC250 Home

Week 2: Aug. 31

Understanding the need for and procedures used in keeping your systems up to date.

In Class today we will be discussing the RFC's and the CERT Overview. We will also be reading an article on the web and talking about it in class.
You will participate in the discussion for 10 lab points.

For Next Week:
  • Homework 1 and Presentation 1,
    Send me a 1-2 page typed report in e-mail before class on how you updated your system. Be sure that you run MS Baseline Security Analyzer on your system. It is a binary that you downoad and run locally. 25 points for the presentation and 15 points for the Report.
    Due Sept. 14

| Top | CSC250 Home

Week 3: Sept. 7
(College Closed Labor Day)

No Class this Week.

For Next week:





Participation Lab Week 1-4:
Log on to Angel and make some postings and join our discussion about computer security.
10 Points Participation,
Due by: Sept. 21 at Midnight.

| Top | CSC250 Home

Week 4: Sept. 14

Understanding the need for and procedures used in keeping your systems up to date.


Security Discussion:
Quiz 1 Review Sheet
Data Ownership Classifications

For Next week:


Quiz at the beginning of class next week. 25 points.

Participation Lab Week 1-4:
Log on to Angel and make some postings and join our discussion about computer security.
10 Points Participation, Due by Midnight Sept. 21 .

| Top | CSC250 Home

Week 5: Sept. 21

Security and privacy on the internet.

Quiz at the beginning of class this week. 25 points.

Student Presentations on securing their machines continued if not done.

This week in class we will be learning about how to find out where those rogue machines are, and who is supposed to be managing them.

For Next Week:
Legal and Ethical Issues
-->
Homework - whois.
Run whois on 10 different IP addresses that you find and write down who is the manager of the network for the IP address.
10 points, bring your results to class, hand in and we'll look them up too.

Participation Lab Week 5-8:
Log on to Angel and make some postings and join our discussion about computer security.
10 Points Participation, Due by Midnight Oct. 19 .

| Top | CSC250 Home

Week 6: Sept. 28

Finish Student Presentations, hand in 10 IP addresses.

DoS Attacks and Legal and Ethical Issues in Computer Security


Quiz 1



We may not get to DoS attacks today so we are taking that subject up next week. The DoS attacks Exercise is due as noted below.

Denial of service is defined as an event that renders the service of the system that is under DoS attack unusable. It is important to note that you may be suceptable to a DoS attack even though you have no identifiable vulnerability in your systems.

Legal Ethical and Professional Issues in Computer Security. We will be covering some of these issues in an interactive class discussion. -->
Links, Reading and Discussion Topics:

For Next Week:

Exercise 2 - DoS Attacks
Due by Oct. 12 at midnight.

| Top | CSC250 Home

Week 7: Oct. 5


We will be picking up on the spam lecture next week. For this week you should sign up for a security e-mail newsletter and then come next week telling what security newsletter you subscribed to and bring in a sheet detailing one e-mail that you got from the list and do a report on the vulnerability that you found out about. 25 points typed report and 25 points presentation on vulnerability. Be sure to include details on how the vulnerability is accessed, technical details about how the vulnerability works and what systems are affected. Do not just show up with an e-mail, I want your interpretation showing that you understand how the vulnerability works in technical terms.

Sources: CERT e-mail list, SANS e-mail list, Microsoft e-mail lists, ntbugtraq list and many others. If you do not know what list to subscribe to, post on the discussion board and others may have ideas.

e-mail sendmail and spam

Continue DOS Lecture and Start on spam

e-mail, sendmail and spam Lecture

Testing a Relay
The short story to Test a Relay

AUTH a little known service
Screenshot of an AUTH Packet Capture
procmail at procmail.org
The Apache SpamAssassin Project
For Next Week:

| Top | CSC250 Home

Week 8: Oct. 12

e-mail, sendmail and spam:

e-mail, sendmail and spam Lecture

Testing a Relay
The short story to Test a Relay

AUTH a little known service
Screenshot of an AUTH Packet Capture



Labs:
For Next Week:

There will be a test in week 10 covering all the material we have studied so far

Participation Week 5-8
Due by Midnight Oct. 19


Exercise 3 - e-mail, sendmail and whois
Due by Midnight Oct. 19 .

| Top | CSC250 Home

Week 9: Oct. 19


Presentations on a recent Vulnerability from an e-mail listserve

Port Scanning and Packet Sniffing Technology

TCP/IP, ports and DoS Attacks:
Labs:
nmap and packet sniffing lab
 For Next Week:

| Top | CSC250 Home

Week 10: Oct. 26

More on Port Scanning and Packet Sniffing Technology

Midterm Next week covering everything so far.

TCP/IP, port scanning and Packet Sniffing:
Labs:
Lab - nmap II more on running nmap
For Next Week:

  • Exercise 4 - nmap and ports
    Due by midnight Nov. 2 .
  • There will be a Quiz on nmap and portscanning in week 12. You will have to answer questions about it and you will have to run it.

| Top | CSC250 Home

Week 11: Nov. 2



Midterm It does not include NMAP

Lab:


For Next Week:
Week 9-12 Participation: Discuss Computer Security on the discussion board for 10 points.
Due by: Midnight Nov. 16

| Top | CSC250 Home

Week 12: Nov. 9


Quiz on nmap and portscanning next week 25 points.


Cryptography: The Basics

Introduction to Cryptography

Quiz on nmap at the beginning of class next week.


Cryptography Web Pages

Warez defined at Wikipedia


Labs:


Lab: Deploying One-way EncryptionUsing MD5 to check file integrity.
In class on Nov. 9 .

Lab: Implications of Hashing


For Next Week:

Exercise - Encryption and Authentication:
Due by: Midnight Nov. 16


Participation Week 9-12 - 10 Points
Due By Midnight Nov. 16

| Top | CSC250 Home

Week 13: Nov. 16

Cryptography: Putting it all together

Cryptography Web Pages

Kerberos, a cryptographic authentication scheme

Demonstration of:
Digital Certificates, and HTTPS for Secure Transport Layer Security over HTTP.
SSL Handshake
Creating your own Certificate Authority and/or placing a signed certificate on your server
Viewing Approved Certificate Authorities in your Browser
Screenshots of SSL Key Exchange


Participation Week 13-16:
Log on to Angel and make some postings and join our discussion about computer security.
10 Points Participation, Due by Midnight Dec. 14



Lab Web Page: tunneling clear-text protocols through an encrypted tunnel.

Lab: tunneling clear-text protocols through an encrypted tunnel.

Homework Assignment:
Bring in a 1 page written presentation on some security subject that you have learned about this Semester. You will make a presentation to the class on the subject. 10 points for the written report. 15 points for the Presentation. Your presentation will include a web page that you have written.

| Top | CSC250 Home

Week 14: Nov. 23
College Closes at 5pm Wed. Nov. 25
College Closed Nov. 26-29.

We will be having student Presentations Today

Links Reading Class Overview:

Firewalls

Links From Students:
From JMotton Basic PC security article at CERT
From Kweaver Denial of Service Attacks at Wikipedia
From Rmcclary Limiting Priviliges for users in XP
From Mwilliams CIA and other Obversations
For Next Week:
Exercise 6 - Firewalls
Due by Midnight Dec. 7

Participation Week 13-16:
Log on to Angel and make some postings and join our discussion about computer security.
10 Points Participation, Due by Midnight Dec. 14 .

| Top | CSC250 Home

Week 15: Nov. 30

Firewalls

Firewalls, packet filtering, TCP wrappers and Access Control
  • Firewalls
  • We will finish student presentations today
 Lab:

We will be installing the BackOrifice root kit and checking it's operation in class.

| Top | CSC250 Home

Week 16: Dec. 7

Wrap-up, review and sources of information.


Final Review